st2311061234/2311061234
1
1
Fork 0
generated from Java-2025Fall/final-vibevault-template
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
87e67c8c3c
2311061234/src/main/java/com/vibevault/security/JwtService.java
张雪尔 87e67c8c3c
All checks were successful
autograde-final-vibevault / check-trigger (push) Successful in 2s
Details
autograde-final-vibevault / grade (push) Has been skipped
Details
更新 src/main/java/com/vibevault/security/JwtService.java
2025-12-22 11:00:10 +08:00

137 lines
3.8 KiB
Java
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package com.vibevault.security;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SecurityException;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import com.vibevault.model.User;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Date;
/**
* JWT 服务
*
* 提供 JWT token 的生成、验证和解析功能
*/
@Service
public class JwtService {
@Value("${jwt.secret:your-secret-key-here-should-be-at-least-256-bits-long-for-hs256}")
private String secret;
@Value("${jwt.expiration:86400000}")
private long expiration; // 默认 24 小时
/**
* 为用户生成 JWT token
*/
public String generateToken(String username) {
Date now = new Date();
Date expiryDate = new Date(now.getTime() + expiration);
return Jwts.builder()
.setSubject(username)
.setIssuedAt(now)
.setExpiration(expiryDate)
.signWith(getSigningKey())
.compact();
}
/**
* 从 token 中提取用户名
*/
public String extractUsername(String token) {
Claims claims = extractAllClaims(token);
return claims.getSubject();
}
/**
* 验证 token 是否有效
*/
public boolean isTokenValid(String token, User user) {
try {
String username = extractUsername(token);
return username.equals(user.getUsername()) && !isTokenExpired(token);
} catch (Exception e) {
return false;
}
}
/**
* 验证 token 是否有效
*/
public boolean isTokenValid(String token) {
try {
extractAllClaims(token);
return !isTokenExpired(token);
} catch (Exception e) {
return false;
}
}
/**
* 检查 token 是否过期
*/
private boolean isTokenExpired(String token) {
Date expirationDate = extractExpiration(token);
return expirationDate.before(new Date());
}
/**
* 提取 token 的过期时间
*/
private Date extractExpiration(String token) {
Claims claims = extractAllClaims(token);
return claims.getExpiration();
}
/**
* 从 token 中提取所有声明
*/
private Claims extractAllClaims(String token) {
// 把 Jwts.builder() 改成 Jwts.parserBuilder()解析Token用parserBuilder
return Jwts.parser()
.setSigningKey(getSigningKey()) // 这里setSigningKey是parserBuilder的方法
.build()
.parseClaimsJws(token)
.getBody();
}
/**
* 获取签名密钥
*/
private SecretKey getSigningKey() {
return Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
}
/**
* 验证 token 签名和格式
*/
public boolean validateToken(String token) {
try {
// 把 Jwts.builder() 改成 Jwts.parserBuilder(),去掉强制类型转换
Jwts.parser()
.setSigningKey(getSigningKey()) // 解析器才有setSigningKey方法
.build()
.parseClaimsJws(token); // 验证Token
return true;
} catch (SecurityException e) {
System.out.println("无效的 JWT 签名"); // 去掉多余的x:
} catch (MalformedJwtException e) {
System.out.println("无效的 JWT token");
} catch (ExpiredJwtException e) {
System.out.println("JWT token 已过期");
} catch (IllegalArgumentException e) {
System.out.println("JWT token 为空或格式错误");
}
return false;
}
}
Reference in New Issue View Git Blame Copy Permalink